Snort behind an initial firewall



  • Trying to configure Snort on pfSense when the pfSense box is behind an initial firewall.

    The setup is the ISP Internet connection comes into a first router and some Internet traffic is directed to the pfSense box hosting Snort. Essentially the pfSense box is receiving the Internet via a 192.168.172.4 WAN connection and a 192.168.172.100 gateway to the pfSense box/LAN which is 192.168.30.1.

    The issue is Snort blocks the traffic from 192.168.172.100, since, I presume, it thinks it is an invalid IP. How can I tell Snort to accept all traffic from this IP and gateway but to check it and not lock out the gateway in the process?

    When I turn on Snort it blocks the gateway with various rules coming or going out to an Internet address.

    Thanks for the help!



  • With the timing of your post, it may have nothing to do with being a rear firewall - http://forum.pfsense.org/index.php/topic,60329.45.html

    Many found their WAN IPs blocked regardless of whether they were whitelisted. Uninstall and reinstall seems to fix the problem.

